A Concise Overview of Australia's Cyber Threat Landscape in 


by Chadi Saliby 


This practical snapshot analysis is based on a variety of sources, reports and dark
web intelligence, covering 2023 and some of the major 2024 incidents so far.


The focus wasn’t directed at any sector or industry, just unpeeling the darkness of the 
Australian web, and some of its Asia Pacific neighbours. 

I do this exercise every year now, as it helps me filter down many unnoticed issues and
observe the bigger picture of the Australian cyber story. And this year I decided to make
it half decent to share it with everyone.


There have been more than 300 mentions of Australia on the dark web. These mentions
were related to leaked data from public (reported) and not so public (unreported) cyber
incidents.

Over 50% of these dark web posts allege leaked data containing customer and sensitive
data, including access details to Admin portal, RDP, and Network. This data is very
valuable to ransomware gangs, as it gives them easier and quicker access to conduct their
ransomware attacks and get a wider share of the dark market.

The most targeted Australian sectors observed were Finance, Tech, Health, and
Government. From my observation the most unreported cyber incidents belonged to
Australian Local Government.

There have been more than 80 ransomware attacks, carried out by more than 22 identified
groups, continuing the trend of major ransomware attacks from 2022, the likes of
Medibank and Optus.

A myriad of cyber incidents unfolded, with the majority escaping
media coverage:


• Norton LifeLock - January 2023 (Password Manager)
• PayPal - January 2023 (Credential Stuffing)
• QUT - January 2023 (Royal Ransom)
• GoTo - January 2023 (From Previous Shared Cloud Storage Attack)
• JD Sports - February 2023 (Credential Stuffing)
• The Good Guys - February 2023 (Data leak happened in August 2021 !?!)
• CBA Commonwealth Bank - Indonesian Division March 2023 (Unauthorised access of a web-based software application)
• Latitude Financial - March 2023 (Threat Actor used DXC infrastructure to gain access)
• Rio Tinto - March 2023
• Canberra Health Services - March 2023
• Crown Resorts - March 2023
• Meriton - March 2023
• Tasmanian Government - March 2023
• TAFE - April 2023
• Service NSW - April 2023 (Revealed customers' drivers' licence, vehicle registration, mobile, and names BY MISTAKE)
• Coles - April 2023 (an Aftereffect of Latitude Breach)
• Afterpay - April 2023
• HWL Ebsworth - May 2023 (ALPHV)
• Ambulance Victoria - May 2023
• Toyota - May 2023 (2.15 Million user data was mistakenly set to public view)
• NT Government - May 2023
• Fire Rescue Victoria - May 2023
• ACT Government - June 2023 (Breach in email gateway system Barracuda)
• PwC - June 2023
• SmartPay - June 2023
• NDIS | HWL Ebsworth - July 2023 (ALPHV)
• Australian Defence Force - June 2023 (Law Firm HWL Ebsworth 2.5 Million Document)
• LG Energy Solution Australia - June 2023
• Perpetual - June 2023 (Caused by Tech Mahindra an Indian tech firm)
• Department of Home Affairs - July 2023 (Inadvertent release of personal data related to 50 small businesses)
• MyGov - July 2023 (Major mistake, ATO allowed perpetrators to file for $557 million in false claims)
• ChatGPT - July 2023
• MOVEit - August 2023 (Spawned over 600 breaches)
• Department of Veterans' Affairs - August 2023 (300,000 veterans, widows and others connected to the Department of Veterans' Affairs have been routinely provided to a university for cost-saving research without the knowledge or consent of the people involved)
• Judo Bank - August 2023 (HWL Ebsworth)
• REX - August 2023 (HWL Ebsworth)
• Pareto Phone - August 2023 (13,500 donors leaked onto the dark web)
• University of Sydney - August 2023 (Supply chain attack)
• Dymocks - September 2023 (1.2 Million customers data on dark web)
• Australian Federal Police - September 2023 (HWL Ebsworth)
• Pizza Hut - September 2023 (ShinyHunters Group Via AWS Cloud)
• Network Pacific Real Estate - October 2023
• Royal Women's Hospital Parkville - October 2023
• Personify Care - October 2023
• Alfred Health - November 2023
• DP World - November 2023 (LockBit)
• National Disability Insurance Agency - November 2023
• Australian Clinical Labs - November 2023
• Certis Security Australia - November 2023 (Okta data breach)
• The Department for Child Protection - December 2023
• ASIC - December 2023 (Four breaches in the past 2 years, attributed to human error and misconfiguration)
• University of Wollongong - December 2023
• Qld Rural Fire Service - December 2023
• Melbourne Arts Centre - December 2023
• St Vincent's Health - December 2023
• Yakult Australia - December 2023
• NSW Eastern Suburb Libraries - December 2023
• Court Services Australia - January 2024
• Inspiring Vacations - January 2024

There have been many others that I couldn't verify from the dark web groups' forums, such
as the Turkish group Rhysida and the novel Akira group, which has been very active this
year.

2023-09-06 | Energy One | Energy One Limited provides various software products and services
to wholesale energy, environmental, and carbon trading markets in the Asia-Pacific, the
United Kingdom, and Europe. The company will provide you all with its 77GB data where you
will find information on their projects with big business names, financial documents,
contracts, and HR information as well.

Preparing this paper and listing all these major cyber incidents that occurred in only
one year in Australia made me think of the lack of care from both corporate and
Government.


The Australian Security of Critical Infrastructure Act 2018 (SOCI Act) was updated
and became effective in February 2023. A new shiny Australian Cyber Security Strategy
2023-2030 was also announced.

Look now at what was going on in 2023 and compare it to the pale, weak response
from the Government, with almost no care or any real investment from corporates to
balance the scale.

Out of all these listed breaches, only one was fined, maybe.

Fines are not the best tool to be used, but at least have them as a deterrent control. 


The Never Changing Australian Tax Scam

Australian Taxation Office

A few things in life never change, and this has become an annual tradition now in
Australia: the August 2023 tax time SMS and email scams.


ATO 2FA authenticator

There was an increased number of reports about several ATO impersonation SMS and
email scams.

These scams encourage people to click on a link that directs them to fake MyGov 
sign in pages designed to steal their username and password. 


Conclusion 


2024 will be the year of transitions on so many levels, economic, social, cultural
and political, and cyber security will not be immune.


Ransomware groups are all competing for the same portion of the market, and you
can already observe what that means, and how exacerbated their attacks will be, so
don't get caught flat-footed.


Stay vigilant, prudent and don't be the lowest hanging fruit in any kill chain, get 
your basic cyber hygiene in order and keep an eye on the fast-moving threat 
landscape. 


